ycc_Swe
2012-Nov-07 09:13 UTC
[Dovecot] Dovecot ok for port 110, but not for SSL (beginner asking)
Hello,
I just installed Dovecot. It works for plaintext autorization, port 110. It
has connected with Telnet, Thunderbird and an on-line pop3 client.
Telnet:
+OK Dovecot ready.
user nnnnn
-ERR Unknown command.
user nnnnn
+OK
pass xxxxxxxxxx
+OK Logged in.
stat
+OK 1 1553
retr 1
+OK 1553 octets
Return-path: <sssssss at hotmail.com>
Envelope-to: nnnnnn at mydomain.com
Delivery-date: Tue, 06 Nov 2012 12:02:28 +0100
Received: from bay0-xcvxcv-xvxcv.bay333.hotmail.com ([123.123.123.123])
by deb7.pc with esmtp (Exim 4.80)
But when I try ssl (port 995) with an on-line pop3 client, it will not work:
/var/log/mail.log
Nov 7 02:46:55 deb7 dovecot: pop3-login: Disconnected (no auth attempts in
0 secs): user=<>, rip=12.12.12.7, lip=123.123.123.123, TLS: Disconnected,
session=<Iza75N3NlABBNykH>
Nov 7 02:46:56 deb7 dovecot: pop3-login: Disconnected (no auth attempts in
1 secs): user=<>, rip=12.12.12.7, lip=123.123.123.123, TLS: Disconnected,
session=<nWTF5N3NlQBBNykH>
root at deb7:~# doveconf -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-3-686-pae i686
disable_plaintext_auth = no
mail_gid = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
inbox = yes
location prefix }
passdb {
args = username_format=%u /etc/dovecot/users
driver = passwd-file
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = " imap pop3"
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
args = username_format=%u /etc/dovecot/users
driver = passwd-file
}
I know very little about mail and ssl. I have assumed that ssl will be set
up "automatically" when Dovecot is installed. But maybe I have missed
something here. Please give me pointers.
The following two files contain ssl keys:
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
I have tried changing the ssl parameter ("yes", "required")
in 10-ssl.conf
but with no change except that port 110 login becomes disabled.
As you can see I am a beginner with Dovecot, I hope it is still OK to ask on
this mailing list. Thanks.
--
View this message in context:
http://dovecot.2317879.n4.nabble.com/Dovecot-ok-for-port-110-but-not-for-SSL-beginner-asking-tp38611.html
Sent from the Dovecot mailing list archive at Nabble.com.
Robert Schetterer
2012-Nov-07 10:19 UTC
[Dovecot] Dovecot ok for port 110, but not for SSL (beginner asking)
Am 07.11.2012 10:13, schrieb ycc_Swe:> Hello, > > I just installed Dovecot. It works for plaintext autorization, port 110. It > has connected with Telnet, Thunderbird and an on-line pop3 client. > > Telnet: > +OK Dovecot ready. > user nnnnn > -ERR Unknown command. > user nnnnn > +OK > pass xxxxxxxxxx > +OK Logged in. > stat > +OK 1 1553 > retr 1 > +OK 1553 octets > Return-path: <sssssss at hotmail.com> > Envelope-to: nnnnnn at mydomain.com > Delivery-date: Tue, 06 Nov 2012 12:02:28 +0100 > Received: from bay0-xcvxcv-xvxcv.bay333.hotmail.com ([123.123.123.123]) > by deb7.pc with esmtp (Exim 4.80) > > But when I try ssl (port 995) with an on-line pop3 client, it will not work: > /var/log/mail.log > Nov 7 02:46:55 deb7 dovecot: pop3-login: Disconnected (no auth attempts in > 0 secs): user=<>, rip=12.12.12.7, lip=123.123.123.123, TLS: Disconnected, > session=<Iza75N3NlABBNykH> > Nov 7 02:46:56 deb7 dovecot: pop3-login: Disconnected (no auth attempts in > 1 secs): user=<>, rip=12.12.12.7, lip=123.123.123.123, TLS: Disconnected, > session=<nWTF5N3NlQBBNykH> > > root at deb7:~# doveconf -n > # 2.1.7: /etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-3-686-pae i686 > disable_plaintext_auth = no > mail_gid = mail > mail_location = mbox:~/mail:INBOX=/var/mail/%u > namespace inbox { > inbox = yes > location > prefix > } > passdb { > args = username_format=%u /etc/dovecot/users > driver = passwd-file > } > plugin { > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > protocols = " imap pop3" > ssl_cert = </etc/ssl/certs/dovecot.pem > ssl_key = </etc/ssl/private/dovecot.pem > userdb { > args = username_format=%u /etc/dovecot/users > driver = passwd-file > } > > I know very little about mail and ssl. I have assumed that ssl will be set > up "automatically" when Dovecot is installed. But maybe I have missed > something here. Please give me pointers. > The following two files contain ssl keys: > ssl_cert = </etc/ssl/certs/dovecot.pem > ssl_key = </etc/ssl/private/dovecot.pem > > I have tried changing the ssl parameter ("yes", "required") in 10-ssl.conf > but with no change except that port 110 login becomes disabled. > > As you can see I am a beginner with Dovecot, I hope it is still OK to ask on > this mailing list. Thanks. > > > > -- > View this message in context: http://dovecot.2317879.n4.nabble.com/Dovecot-ok-for-port-110-but-not-for-SSL-beginner-asking-tp38611.html > Sent from the Dovecot mailing list archive at Nabble.com. >have a look http://wiki2.dovecot.org/SSL/DovecotConfiguration Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
ycc_Swe
2012-Nov-08 07:54 UTC
[Dovecot] Dovecot ok for port 110, but not for SSL (beginner asking)
Thank you for your reply.
I read the page you link to. As I understand I should set the ssl-parameter
in 10-ssl.conf to "yes" or "required".
I should also have permissions like this:
root at deb7:/etc/dovecot/conf.d# ls -l /etc/ssl/*/dovecot.pem
-r--r--r-- 1 root root 1326 Nov 3 14:24 /etc/ssl/certs/dovecot.pem
-r-------- 1 root root 1704 Nov 3 14:24 /etc/ssl/private/dovecot.pem
root at deb7:/etc/dovecot/conf.d#
Other information on the page, as I understand, has to do with more
"advanced" setups than mine.
I still have the same problem. When I set ssl parameter to yes/required I
can still not connect to port 995.
This time I set ssl=verbose. This is what the log shows when I try to
connect with ssl.
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x10, ret=1:
before/accept initialization [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
before/accept initialization [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 read client hello A [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 write server hello A [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 write certificate A [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 write server done A [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 flush data [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 read client key exchange A [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 read finished A [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 write change cipher spec A [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 write finished A [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 flush data [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x20, ret=1:
SSL negotiation finished successfully [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL: where=0x2002, ret=1:
SSL negotiation finished successfully [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Warning: SSL alert: where=0x4008,
ret=256: warning close notify [12.12.12.7]
Nov 8 08:42:25 deb7 dovecot: pop3-login: Disconnected (no auth attempts in
0 secs): user=<>, rip=12.12.12.7, lip=13.13.13.239, TLS: Disconnected,
session=<zrnz+fbNpwBBNykH>
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x10, ret=1:
before/accept initialization [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
before/accept initialization [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 read client hello A [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 write server hello A [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 write certificate A [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 write server done A [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 flush data [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 read client key exchange A [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 read finished A [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 write change cipher spec A [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 write finished A [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1:
SSLv3 flush data [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x20, ret=1:
SSL negotiation finished successfully [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL: where=0x2002, ret=1:
SSL negotiation finished successfully [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Warning: SSL alert: where=0x4008,
ret=256: warning close notify [12.12.12.7]
Nov 8 08:42:26 deb7 dovecot: pop3-login: Disconnected (no auth attempts in
0 secs): user=<>, rip=12.12.12.7, lip=13.13.13.239, TLS: Disconnected,
session=<N9L9+fbNqABBNykH>
root at deb7:/etc/dovecot/conf.d#
root at deb7:/etc/dovecot/conf.d# doveconf -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-3-686-pae i686 Debian wheezy/sid
disable_plaintext_auth = no
mail_gid = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
inbox = yes
location prefix }
passdb {
args = scheme=CRYPT username_format=%u /etc/dovecot/users
driver = passwd-file
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = " imap pop3"
ssl = required
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
args = username_format=%u /etc/dovecot/users
driver = passwd-file
}
root at deb7:/etc/dovecot/conf.d#
Thanks for repying. I still have the same problem. Dovecot works for me on
port 110, but not on 995/ssl.
--
View this message in context:
http://dovecot.2317879.n4.nabble.com/Dovecot-ok-for-port-110-but-not-for-SSL-beginner-asking-tp38611p38656.html
Sent from the Dovecot mailing list archive at Nabble.com.
Robert Schetterer
2012-Nov-08 08:18 UTC
[Dovecot] Dovecot ok for port 110, but not for SSL (beginner asking)
Am 08.11.2012 08:54, schrieb ycc_Swe:> Thanks for repying. I still have the same problem. Dovecot works for me on > port 110, but not on 995/ssl.look here http://wiki2.dovecot.org/TestPop3Installation look for your auth fit what you want disable_plaintext_auth.... verify your pem/crt is not broken look http://wiki2.dovecot.org/AuthDatabase/PasswdFile Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich